In a client-server architecture, a server controls the distribution of content to and among connected client devices. The hierarchical nature of the client-server architecture has many advantages. For example, because the server controls the distribution of content to clients, the server can police the distribution of content to and between clients, thereby ensuring that an appropriate level of protection is afforded to sensitive or copyrighted material. In addition, the server, as a centralized point of communication, can more easily detect intrusive or troublesome clients before network performance is affected. Many applications which execute on client-server networks are written as client-server applications. In a manner consistent with the client-server architecture, the server application controls the protection and distribution of content to the client applications.
In contrast, in a Peer-to-peer (P2P) network, each participating ‘peer’ device has equivalent capabilities and responsibilities. As a result, P2P networks have a flat, distributed architecture. The lack of hierarchy in the P2P network makes it difficult to control the participating peers in the P2P network.
A problem exists when unauthorized P2P applications are introduced into traditional client-server environments such as corporate networks. Unauthorized P2P applications may be introduced into a corporate network by employees or other clients with access to the corporate network. Certain models of P2P software seek out other Internet users running the same program and inform them of the peer's online presence, building a large network of computers as more users install and use the software. One example of such a P2P application is an Instant Messaging (IM) application.
Unauthorized P2P applications impose new challenges on network security and occupy a significant amount of network bandwidth, computer processing power and storage space that are critical to the normal operation of the corporation. Certain P2P applications may involve the illegal exchange of copyrighted materials by clients in the corporate network, thereby exposing the corporation to potential legal disputes related to such activities. In addition, the secretive nature of P2P applications makes it difficult to control the applications' activities and, concomitantly, the flow of information between the corporate network and the public Internet. Confidential and critical corporate information may be exposed without any means of detecting the loss.
P2P applications may be intentionally designed to evade corporate networks protected by conventional firewalls and Network Address Translation (NAT) devices. For example, certain P2P applications may use random port numbers for P2P communication, encrypt messages to prevent higher-layer analysis of traffic, use anti-debugging technologies to prevent low-level analysis of the application, use special technologies such as Simple Traversal of UDP through NAT (STUN) and Traversal Using Relay NAT (TURN) to penetrate NAT devices, attempt to connect using TCP over ports 80 and 443 to disguise P2P traffic as legitimate HTTP/HTTPS traffic and thereby deceive the firewall, or use multiple dynamic hosts as proxies for P2P communications.
Attempts to defend corporate networks from unauthorized P2P applications have included blocking or otherwise controlling access to firewall ports, blocking the download of P2P executables, and blocking access to known central P2P registration servers. However, the currently available solutions have not proven sufficient to defend the corporate network from unauthorized P2P applications.
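The two evasion behaviours described above that leave a protocol-level trace, traffic on ports 80 and 443 that is not actually HTTP or TLS, and STUN binding requests used for NAT traversal, can be checked from the first bytes of a flow. The following is an added illustration of such a check, written for this page and not code from the patent or from any product it describes. It assumes a flow is represented as a dictionary with `dst_port`, `proto` and the first `payload` bytes (a constructed representation, not a real capture format), and uses the STUN magic cookie value from RFC 5389 and the TLS record header layout.

```python
import struct

# Constructed sample flows for the example: the first bytes of each connection,
# with the destination port. These are synthetic, not captured traffic.
SAMPLE_FLOWS = [
    # Legitimate web traffic on 80 and 443
    {"dst_port": 80,   "proto": "tcp", "payload": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"},
    {"dst_port": 443,  "proto": "tcp", "payload": bytes.fromhex("160301002f01") + b"\x00" * 20},
    # A non-TLS handshake disguised on 443 and opaque bytes on 80
    {"dst_port": 443,  "proto": "tcp", "payload": b"\x13BitTorrent protocol" + b"\x00" * 8},
    {"dst_port": 80,   "proto": "tcp", "payload": b"\x00\x01\x02\x03\x04\x05\x06\x07"},
    # STUN Binding Requests: one to the usual STUN port, one hidden on port 80
    {"dst_port": 3478, "proto": "udp", "payload": bytes.fromhex("000100002112a442") + b"\x00" * 12},
    {"dst_port": 80,   "proto": "udp", "payload": bytes.fromhex("000100002112a442") + b"\x00" * 12},
]

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")
STUN_MAGIC_COOKIE = 0x2112A442  # RFC 5389; RFC 3489 STUN has no cookie and is not matched here


def looks_like_http(payload):
    """True when the flow opens with an HTTP request line."""
    return payload.startswith(HTTP_METHODS)


def looks_like_tls(payload):
    """True when the flow opens with a TLS handshake record (type 0x16, major version 3)."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03


def looks_like_stun(payload):
    """True when the first 20 bytes form an RFC 5389 STUN header:
    two zero bits + 14-bit message type, 16-bit length, 32-bit magic cookie."""
    if len(payload) < 20:
        return False
    msg_type, _length, cookie = struct.unpack("!HHI", payload[:8])
    return cookie == STUN_MAGIC_COOKIE and (msg_type & 0xC000) == 0


def classify_flow(flow):
    """Return (verdict, reason) for one flow.
    'alert' marks traffic that contradicts what its port claims to carry,
    or a NAT-traversal attempt originating inside the network."""
    port, proto, payload = flow["dst_port"], flow["proto"], flow["payload"]
    if looks_like_stun(payload):
        return ("alert", "stun-binding")
    if port == 80 and proto == "tcp":
        return ("ok", "http") if looks_like_http(payload) else ("alert", "non-http-on-80")
    if port == 443 and proto == "tcp":
        return ("ok", "tls") if looks_like_tls(payload) else ("alert", "non-tls-on-443")
    return ("info", "unclassified")


def scan(flows):
    """Classify every flow; returns a list of (verdict, reason) in input order."""
    return [classify_flow(f) for f in flows]


if __name__ == "__main__":
    for flow, (verdict, reason) in zip(SAMPLE_FLOWS, scan(SAMPLE_FLOWS)):
        print(f"{flow['proto']}/{flow['dst_port']:<5} {verdict:<5} {reason}")
```

The check is deliberately narrow: it catches the port-disguise and STUN-based traversal behaviours named above, but a P2P client that encrypts its traffic inside a genuine TLS session on port 443 passes the TLS test, which is exactly why the text notes that port-based controls alone have not proven sufficient. Whether a STUN request should be an alert or merely logged depends on whether the organisation sanctions any NAT-traversing applications of its own.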